What Is DNS Cache Poisoning?
Domain name hijacking is a method of Internet attack. By attacking the DNS or forging the DNS, the domain name of the target website is resolved to the wrong address, so that the user cannot access the target website.
Domain hijacking
- The full name of DNS is Domain Name Server, a program that saves a table of domain names and corresponding IP addresses to resolve the domain names of messages. A domain name is the name of a computer or group of computers on the Internet. It is used to identify the computer's electronic location (also sometimes referred to as geographic location) during data transmission. A domain name consists of a series of dot-separated names, which usually include the name of the organization, and always include a two- to three-letter suffix to indicate the type of organization or country or region where the domain is located.
- The reason why the domain name resolution does not take a long time is because Internet access providers, such as Beijing Telecom, Henan Telecom, etc., in order to speed up the speed of users to open web pages, usually cache many domain name DNS records in their DNS servers. In this way, when the user of this access provider wants to open a webpage, the server of the access provider does not need to query the domain name database, but directly uses the DNS records in his cache, thereby speeding up the user's access to the website. This is an advantage.
- The disadvantage is that the cache of the Internet access provider's ISP will be stored for a period of time and updated only when needed, and there is no standard for the frequency of updates. Some ISPs may update once an hour, and some may update it only once a day or two.
- Therefore, the newly registered domain name is generally faster to resolve. Because all ISPs do not have a cache, when users visit, they need to query the domain name database to get the latest DNS data.
- If the old domain name changes the DNS record, the cached data of ISPs around the world is not updated immediately. In this way, different users under different ISPs can quickly obtain new DNS records, and some need to wait for the next update of the ISP cache.